cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2124
Views
0
Helpful
3
Replies

Site to site VPN between cisco asa 5550 and checkpoint r75

suhailpuri
Level 1
Level 1

Hi all ,

below is cisco asa config for our customer end:

crypto ipsec transform-set chello-transform esp-aes-256 esp-sha-hmac

crypto ipsec security-association lifetime seconds 3600

crypto ipsec security-association lifetime kilobytes 4608000

crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400

What should i configure on checkpoint for first phase and second phase ?

Regards,

Suhail

3 Replies 3

david.tran
Level 4
Level 4

In checkpoint VPN community, default setting for phase 1 is 86400 seconds so you're good there.  Phase II default is 28,800 so  you need to edit the parameter and change it to 3600.  the rest is the same as cisco with the exception of the lifetime in kilobytes which CP does not have

Easy right?

its already set to 3600 by default , all i need to know is what shall i use in phase 1 : sha 1 , sha6 , 3des , aes 256

what shall i use in phase 2: sha 1 , sha6 , 3des , aes 256

Regards,

Suhail

both sides need to be identical.  Whatever you set on the Cisco side, you do the same thing on Checkpoint R75 in the VPN community section

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: